Merge branch 'contrib/github_pr_12177_v5.0' into 'release/v5.0'

mahavirj · mahavirj · commit 471ca6a6bf8b · 2024-01-03T16:52:10.000+08:00
mbedtls: define MBEDTLS_SSL_CID_TLS1_3_PAD_GRANULARITY for CID padding (GitHub PR) (v5.0)

See merge request espressif/esp-idf!28210
diff --git a/components/mbedtls/Kconfig b/components/mbedtls/Kconfig
@@ -252,6 +252,22 @@ menu "mbedTLS"
             help
                 Enable PKCS #7 core for using PKCS #7-formatted signatures.
 
+        config MBEDTLS_SSL_CID_PADDING_GRANULARITY
+            int "Record plaintext padding"
+            default 16
+            range 0 32
+            depends on MBEDTLS_SSL_PROTO_TLS1_3 || MBEDTLS_SSL_DTLS_CONNECTION_ID
+            help
+                Controls the use of record plaintext padding in TLS 1.3 and
+                when using the Connection ID extension in DTLS 1.2.
+
+                The padding will always be chosen so that the length of the
+                padded plaintext is a multiple of the value of this option.
+
+                Notes:
+                    A value of 1 means that no padding will be used for outgoing records.
+                    On systems lacking division instructions, a power of two should be preferred.
+
         menu "DTLS-based configurations"
             depends on MBEDTLS_SSL_PROTO_DTLS
 
@@ -278,22 +294,6 @@ menu "mbedTLS"
                 help
                     Maximum length of CIDs used for outgoing DTLS messages
 
-            config MBEDTLS_SSL_CID_PADDING_GRANULARITY
-                int "Record plaintext padding (for DTLS 1.2)"
-                default 16
-                range 0 32
-                depends on MBEDTLS_SSL_DTLS_CONNECTION_ID
-                help
-                    Controls the use of record plaintext padding when
-                    using the Connection ID extension in DTLS 1.2.
-
-                    The padding will always be chosen so that the length of the
-                    padded plaintext is a multiple of the value of this option.
-
-                    Notes:
-                        A value of 1 means that no padding will be used for outgoing records.
-                        On systems lacking division instructions, a power of two should be preferred.
-
             config MBEDTLS_SSL_DTLS_SRTP
                 bool "Enable support for negotiation of DTLS-SRTP (RFC 5764)"
                 default n
diff --git a/components/mbedtls/port/include/mbedtls/esp_config.h b/components/mbedtls/port/include/mbedtls/esp_config.h
@@ -2843,10 +2843,10 @@
 #undef MBEDTLS_SSL_CID_OUT_LEN_MAX
 #endif
 
-/** \def MBEDTLS_SSL_CID_PADDING_GRANULARITY
+/** \def MBEDTLS_SSL_CID_TLS1_3_PADDING_GRANULARITY
  *
  * This option controls the use of record plaintext padding
- * when using the Connection ID extension in DTLS 1.2.
+ * in TLS 1.3 and when using the Connection ID extension in DTLS 1.2.
  *
  * The padding will always be chosen so that the length of the
  * padded plaintext is a multiple of the value of this option.
@@ -2858,10 +2858,10 @@
  *       a power of two should be preferred.
  *
  */
-#ifdef CONFIG_MBEDTLS_SSL_DTLS_CONNECTION_ID
-#define MBEDTLS_SSL_CID_PADDING_GRANULARITY    CONFIG_MBEDTLS_SSL_CID_PADDING_GRANULARITY
+#ifdef CONFIG_MBEDTLS_SSL_CID_PADDING_GRANULARITY
+#define MBEDTLS_SSL_CID_TLS1_3_PADDING_GRANULARITY    CONFIG_MBEDTLS_SSL_CID_PADDING_GRANULARITY
 #else
-#undef MBEDTLS_SSL_CID_PADDING_GRANULARITY
+#undef MBEDTLS_SSL_CID_TLS1_3_PADDING_GRANULARITY
 #endif
 
 
